JeremyCanada26

I found some advice from a guy that says that maybe I should deal with it on apache level, using mod_evasive He says my client will receive 403 http status code if the client requests too fast, which is easily detectable and workable. Anyone else have a better idea?

I recently wrote a web app made with flash that communicates with php scripts on my web server(apache2). Like most others, I believe my web app is the end all be all and could potentially attract millions of users Ok, long story short, in the long haul, there will be people using robots to communicate with my php scripts to do tasks that are in the game in order to cheat. I'd like to limit these users from hammering the server with robotic requests. I no for a fact that no human will make requests to my game more than once per two seconds or so. So is it best for me to somehow do this type of code with php? or maybe at the apache level somehow? My flash application can detect http error status codes for each request so if any solution would cause a non standard 200, that is fine, i should be able to detect the code, and wait a couple seconds on the flash client, then do a retry hopefully I'm lost on this one and would appreciate some help

lol ya ok

Is there a quick an easy way to test my php scripts without creating an html form and specifying values that I post to my php script? Maybe a firefox plugin or some tool that can be used to do it quicker? In the long haul, quicker, not just one time

I'm filtering user input and am trying to find out which php function that I use to filter the user input? $user_input = trim($_GET['value']); my regex that I'm using is this, ^(?:[a-z]|([-_ ])(?!.*[^a-z\1])){5,45}$ whenever any of the violations of the more than 1 space or more than 1 dash or more than one underscore, I want to just trim those down to 1 and continue using the existing $user_input with the invalid chars removed but I don't know which php function to use for that.

I am sending an image to my server and I'm using crc to check for errors in communication. I'd like to know if I should store the crc along with my image though as a means to check for duplicate images. There can potentially be millions of tiny images in the very long haul of my web app and I'd like to know if crc is unique enough for that or if maybe I should use md5 instead? Would two different images ever produce the exact same crc if you had like 50 million different images and calculated crc on all of them?

I would like to know what is the best overall fully featured image manipulation library for php? Open files from filesystem and the web, combine png images on top of each other and create a new image, etc etc

Ok, I finally got home to try this and now my image is not readable so something went wrong. I tried both with your imagejpeg($img, null, 100) as well as with imagepng($img, NULL, 4); and both produce unreadable png images that do not work.

The documentation for the s3 php class says it can take an input resource but it looks like it might be only for file resources and not image resources. http://undesigned.org.za/2007/10/22/amazon-s3-php-class/documentation#inputResource it says Does anyone know how to convert that code to use an image resource instead of a file resource?

The third party storage service that I'm using is amazon s3 and I'm using this php class here, http://undesigned.org.za/2007/10/22/amazon-s3-php-class I notice there is a putObject that can take an input resource. Maybe I can use that instead of the first method that takes in a bytearray?

I will definitely try this when I get home. I actually require a png image so i'll probably try using the imagepng($img, null, PNG_NO_FILTER); if that works, your a genius

I'm using the GD library to manipulate a png image and I'd like to know how to get access to a byte array of the data so that I can use a third party function that takes in a png bytearray and sends it off to a webservice for storage. //fetch an image from the web $image = imagecreatefrompng($url); //I do other GD manipulations with the $image resource above so I need it to come in as an image resource doOtherStrangeThings(); // where $width and $height are the dimensions of the final image $final_img = imagecreate($width, $height); //get access to the bytearray ???? $finalImageByteArray = imagepng($image, "0", PNG_NO_FILTER) //save the new image to third party storage service, must be a png bytearray $this->_saveImage($finalImageByteArray); The above code generates an error message for me. imagepng(): Unable to open '0' for writing: Permission denied but i'm not trying to write the file, I want to get access to the image resource as a bytearray. It's already a png image so I suspect it has the png header already in tact, etc

//store the png bytes into the byteArray var pngByteArray:ByteArray = PNGEncoder.encode(pngSourceBitmapData); //initialize the CRC checker var crc32Checker:CRC32 = new CRC32(); //calculate the crc of the pngByteArray crc32Checker.update(pngByteArray); //lets try md5 if we cant get crc to work? var md5String:String = MD5.hashBinary(pngByteArray); //create a parameters object var parametersObject:Object = new Object(); //add values to send along to php parametersObject.msg_to_php = "hi there"; //store the crc value of the pngByteArray parametersObject.c = crc32Checker.getValue(); //parametersObject.c = md5String; debugPanel.writeLine("loop through parameters to confirm they exist"); for (var found1:String in parametersObject) { debugPanel.writeLine("name: " + found1 + " value: " + parametersObject[found1]); } //set the position for the pointer in the ByteArray back to 0 pngByteArray.position = 0; //attempt to read the first 20 bytes debugPanel.writeLine("first 20 bytes" + pngByteArray.readMultiByte(20, "utf-8")); Above is my actionscript code that I'm currently using.

I should mention something that I noticed that looked kinda weird, when using the printf("%u\n", $checksum), I usually get output with the number 4, or 8 or some really small number like that

I tried that one and it was also not returning the same checksum. I switched from crc32 to md5 to see if that would work but it also generates a different value so that must mean maybe that the byteArray from my actionscript doesn't match the one from php's file_get_contents($file) that i'm using

Ok, here are the results from my debugging. In actionscript code, when I output using, trace(pngByteArray.readMultiByte(40, "utf-8")); I receive the following output, http://pastebin.com/jzifWQvg I pastebinned it because it looks more like the output in the pastebin site except it's missing the white space. In php when I output using your code above, I get the following output 0) ‰1) P2) N3) G4) 5) 6) 7) Just in case anyone wants to have a look at the actionscript ByteArray class, here it is, http://www.adobe.com/livedocs/flash/9.0/ActionScriptLangRefV3/flash/utils/ByteArray.html

I found php file() which says it returns an array of a file, assuming it's a bytearray I thought it might work but it also returns a different checksum when used. $checksum = crc32(file($file));

no, it doesn't but thanks. your method returns to me a very large negative number

I tried that file_get_contents already because I thought that would work but the it generates a checksum that doesn't match the one that I generate from flash. What is probably causing the issue I beleive is that My crc checker class from actionscript that I use, takes in a bytearray to calculate the crc and the way your doing it, takes in a string from file_get_contents(). That's why I asked about how to get a bytearray instead, maybe if I can get a byte array and try to run the crc checker on that value, it might generate the same checksum.

I want to get a bytearray from a temp file(uploaded file) on my system. I need the bytearray in order to calculate a crc on it to see if all of the data is the same as before I sent it from the client. an example of the temp name would be /tmp/g23uh4

Making first a request to see if they are authorize would be good but that doesn't resolve my issue because the second request is what sends the actual file and so if an attacker were to simply just stop the first request from leaving my application, then they could send the second request still. I think the whole problem is because http is stateless so no matter what I do, the file must be uploaded along with the authentication request and if the file has to be uploaded, then it's already too late to solve the problem. The problem is that I want to stop the uploaded file from being uploaded if the user isn't signed in(in order to save bandwidth on those requests) So my problem is that I have to pay for bandwidth on http requests from my flash application to my webserver even on requests in which the php script will determine the user wasn't authenticated and exits the script.

ahh ok I finally get what you mean by that. You are suggesting that because I'm using flash that it might be impossible to do right?

On first request of the application, I do in fact verify them when they pull their initial userData. Is there any way I can store something (i'm thinking session?) and on the subsequent request retrieve it or what? not exactly sure how I would do that though

Hi, I'm sending files from a flash application to my webserver and currently the file is sent along with some name/value pairs. The file is uploaded fully then the php executes. Is there any way for me to reverse this process?(trying to save bandwidth wherever possible here folks) I'd like to do authentication first somehow and then if the user authenticates, then do a file upload rather than allow the script to just go crazy allowing all.

sorry, i found the post now, this thread can be erased.